Question & Answer

Security & privacy

Avast detects rootkit, 3x reboot & scan, removal succeeds

10 answers
  • Hello, I have a Presario V6000 with XP, IE8 and FF, Avast antivirus and Armor firewall. I thought things were going well for a while with my Windows XP. Every day I update & scan after connecting to the internet, and also regularly with Eset when I have spent more time on the internet. Today Avast suddenly detected a rootkit!!! On removal it asked me to restart. I have now done this 3 times, but when I click on it, it says the same thing again. How do I know it is gone? How do I check that? What should I do?! :S Help! Thanks in advance, regards, Holly [img]http://www.imgdumper.nl/uploads5/4ede717c972c3/4ede717c96eba-rootkit_door_avast.JPG[/img] (during the boot-time scan that Avast ran, update files from SP3 were found, 2 different KBs...) [img]http://www.imgdumper.nl/uploads5/4ede72439edaa/4ede72439e9c6-avast_scan_2_corrupte_files.JPG[/img] Thanks in advance!
  • Sorry, forgot in the shock: MBAM finds nothing, and the HJT log:
  • Today the same thing happened on the laptop of my girlfriend's young son. I believe he was on the site spele or spelen.nl and then suddenly that same message appeared. And my girlfriend herself got that message once on marktplaats.nl. The sites mentioned seem to me to be trusted sites. So maybe a false positive?
  • That sfloppy.sys is located on my XP in c:\Windows\system32\drivers and c:\Windows\system32\dllcache, both 12 KB. I checked both on Virustotal; they are OK. I also have Avast and FF and no problems. You will have to wait for the expert. Check on Java.com whether your Java is up to date.
  • The log shows nothing unusual! It is, by the way, a false-positive detection in Avast. Make sure you update Avast to the latest definitions and then reboot your machine. Scanning again should then complete successfully.
  • Hello, it's me again; I was here just now too, but the PC froze and I had to reset the internet (router). Hopefully it's a false alarm, but it scares me that Avast reports it; that won't be for nothing, I think. Hopefully a false positive. Java is up to date, by the way. I'm going to do the scans, but there is a heavy thunderstorm and lightning here right now. So not on mains power at the moment. Will post it asap. Thanks in advance, regards, Holly
  • Hello Abraham54 and others, I had posted the below; this morning I thought I saw that I needed to run TDSSscan and Combofix... now that I am posting this I no longer see it there... Agreed, it is a false positive in Avast... However, Combofix did find a hidden file. Leaving the posts up to be safe. Many thanks for the support and replies. The logs from TDSS and Combofix: TDSS:
10:10:46.0546 3464 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 10:10:46.0750 3464 Wanarp - ok 10:10:46.0765 3464 WDICA - ok 10:10:46.0812 3464 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 10:10:47.0015 3464 wdmaud - ok 10:10:47.0109 3464 winachsf (7fe372b1ab60736cc67e8eb6f1fb1f5b) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 10:10:47.0203 3464 winachsf - ok 10:10:47.0312 3464 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 10:10:47.0500 3464 WmiAcpi - ok 10:10:47.0625 3464 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 10:10:47.0703 3464 WudfPf - ok 10:10:47.0734 3464 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 10:10:47.0796 3464 WudfRd - ok 10:10:47.0843 3464 MBR (0x1B8) (89685f688d61d591fe668a640b2d74a0) \Device\Harddisk0\DR0 10:10:47.0937 3464 \Device\Harddisk0\DR0 - ok 10:10:47.0937 3464 Boot (0x1200) (004620da451119e64258b4b740802a5b) \Device\Harddisk0\DR0\Partition0 10:10:47.0937 3464 \Device\Harddisk0\DR0\Partition0 - ok 10:10:47.0953 3464 Boot (0x1200) (1524e9a3cacc00add9c208936ce8d29c) \Device\Harddisk0\DR0\Partition1 10:10:47.0953 3464 \Device\Harddisk0\DR0\Partition1 - ok 10:10:47.0953 3464 ============================================================ 10:10:47.0953 3464 Scan finished 10:10:47.0953 3464 ============================================================ 10:10:48.0062 2632 Detected object count: 5 10:10:48.0062 2632 Actual detected object count: 5 10:11:10.0859 2632 C:\WINDOWS\system32\Drivers\btwusb.sys - copied to quarantine 10:11:10.0984 2632 BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 10:11:11.0125 2632 C:\WINDOWS\system32\DRIVERS\iaStor.sys - copied to quarantine 10:11:11.0281 2632 iaStor ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 10:11:11.0328 2632 C:\WINDOWS\system32\DRIVERS\mhndrv.sys - copied to quarantine 10:11:11.0375 
2632 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 10:11:11.0578 2632 C:\WINDOWS\system32\drivers\mqac.sys - copied to quarantine 10:11:11.0703 2632 MQAC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 10:11:11.0781 2632 C:\WINDOWS\system32\drivers\PxHelp20.sys - copied to quarantine 10:11:11.0828 2632 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine Combofix: ComboFix 11-12-06.01 - p 07-12-2011 12:29:36.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1983.1469 [GMT 1:00] Gestart vanuit: c:\documents and settings\p\Bureaublad\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A} . . (((((((((((((((((((( Bestanden Gemaakt van 2011-11-07 to 2011-12-07 )))))))))))))))))))))))))))))) . . 2011-11-22 21:32 . 2011-12-03 13:22 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll 2011-11-22 21:31 . 2011-12-03 13:22 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-11-22 21:31 . 2011-12-03 13:22 486360 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll 2011-11-22 21:31 . 2011-12-03 13:22 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll 2011-11-22 21:31 . 2011-12-03 13:22 633816 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll 2011-11-22 21:31 . 2011-12-03 13:22 555992 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll 2011-11-21 22:36 . 2011-11-21 22:36 -------- d-----w- c:\program files\Common Files\Java 2011-11-21 22:14 . 2011-11-21 22:14 -------- d-----w- c:\windows\system32\wbem\Repository 2011-11-21 20:50 . 2011-11-21 20:50 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\Sun 2011-11-21 10:22 . 2011-11-21 10:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2011-11-18 10:59 . 
2011-11-18 13:33 -------- d-----w- c:\documents and settings\p\Application Data\Download Manager 2011-11-17 20:10 . 2011-11-17 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor 2011-11-17 20:10 . 2011-11-17 20:10 -------- d-----w- c:\documents and settings\p\Application Data\OnlineArmor 2011-11-17 20:07 . 2011-11-01 10:34 40296 ----a-w- c:\windows\system32\drivers\oahlp32.sys 2011-11-17 20:07 . 2011-11-01 10:34 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys 2011-11-17 20:07 . 2011-11-01 10:34 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys 2011-11-17 20:06 . 2011-11-01 10:34 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys 2011-11-17 20:06 . 2011-11-29 20:34 -------- d-----w- c:\program files\Online Armor 2011-11-13 15:08 . 2011-11-13 15:08 388096 ----a-r- c:\documents and settings\p\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2011-11-13 15:08 . 2011-11-13 15:08 -------- d-----w- c:\program files\Trend Micro 2011-11-09 11:10 . 2011-11-09 11:11 -------- d-----w- c:\documents and settings\p\Application Data\HpUpdate 2011-11-09 11:10 . 2011-11-09 11:10 -------- d-----w- c:\windows\Hewlett-Packard 2011-11-08 12:50 . 2011-11-08 12:50 -------- d-----w- c:\documents and settings\p\Local Settings\Application Data\Identities 2011-11-07 20:50 . 2011-11-07 20:50 -------- d-----w- c:\windows\system32\URTTEMP 2011-11-07 19:33 . 2011-11-07 19:33 -------- d-----w- c:\program files\Microsoft.NET 2011-11-07 18:51 . 2011-11-07 18:52 -------- d-----w- C:\eb2cb681b9c02191941fc7ed . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-11-28 18:01 . 2011-10-10 16:19 41184 ----a-w- c:\windows\avastSS.scr 2011-11-28 18:01 . 2011-10-10 16:19 199816 ----a-w- c:\windows\system32\aswBoot.exe 2011-11-28 17:53 . 2011-10-10 16:20 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-11-28 17:53 . 
2011-10-10 16:20 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-11-28 17:52 . 2011-10-10 16:20 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-11-28 17:52 . 2011-10-10 16:20 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-11-28 17:52 . 2011-10-10 16:20 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-11-28 17:51 . 2011-10-10 16:20 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-11-28 17:51 . 2011-10-10 16:20 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-11-28 17:48 . 2011-10-10 16:20 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-11-24 15:14 . 2011-10-10 13:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-11-21 22:35 . 2011-10-10 16:16 141312 ----a-w- c:\windows\system32\javacpl.cpl 2011-10-24 13:29 . 2011-10-24 13:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2011-10-24 13:29 . 2011-10-24 13:29 69632 ----a-w- c:\windows\system32\QuickTime.qts 2011-10-12 01:10 . 2011-10-12 01:10 89680 ----a-w- c:\documents and settings\p\MSSSerif120.fon 2011-10-10 14:22 . 2006-04-11 04:00 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-10-03 03:06 . 2011-10-10 16:16 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-09-28 07:06 . 2006-04-11 04:00 602624 ----a-w- c:\windows\system32\crypt32.dll 2011-09-26 10:41 . 2008-07-29 18:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll 2011-09-26 09:41 . 2006-04-11 04:00 23040 ----a-w- c:\windows\system32\oleaccrc.dll 2011-09-26 09:41 . 2006-04-11 04:00 220160 ----a-w- c:\windows\system32\oleacc.dll 2011-12-03 13:22 . 2011-11-22 21:31 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-18 64512] "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-18 7585792] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-18 86016] "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946] "QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920] "@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2011-11-01 2531104] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728] . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2011-11-01 358840] . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\system32\\mqsvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10-10-2011 17:20 435032] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10-10-2011 17:20 314456] R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [17-11-2011 21:06 205864] R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [17-11-2011 21:07 25192] R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [17-11-2011 21:07 29464] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10-10-2011 17:20 20568] R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [17-11-2011 21:06 207936] S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [17-11-2011 21:07 40296] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384] S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176] S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [17-11-2011 21:06 4363040] S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10-10-2011 17:24 136176] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11-4-2006 
5:00 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Inhoud van de 'Gedeelde Taken' map . 2011-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24] . 2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-10-10 16:24] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=64&bd=presario&pf=laptop FF - ProfilePath - c:\documents and settings\p\Application Data\Mozilla\Firefox\Profiles\xrtbp34y.default\ FF - prefs.js: browser.startup.homepage - hxxps://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&ct=1318508005&rver=6.1.6206.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&lc=1043&id=64855&mkt=nl-NL&cbcxt=mai&snsc=1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-12-07 12:38 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . . C:\## aswSnx private storage . Scan succesvol afgerond verborgen bestanden: 1 . ************************************************************************** . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . 
- - - - - - - > 'explorer.exe'(2404) c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Voltooingstijd: 2011-12-07 12:41:52 ComboFix-quarantined-files.txt 2011-12-07 11:41 ComboFix2.txt 2011-11-22 19:41 . Pre-Run: 70.450.454.528 bytes beschikbaar Post-Run: 70.433.062.912 bytes beschikbaar . - - End Of File - - 7FFE3D259FA5C7170BA73C019A9236BA Bvd groetjes Holly
  • Everything is in order.
  • Okay, thank goodness! I think I've become a bit scared since that backdoor. I'm wary of rootkits now, I don't understand those things, so they frighten me. I'm reassured now. Sorry for any inconvenience. Thanks! Regards, Holly.
  • Good, then let's clean up!
    Step 1
    TDSSKiller and likewise C:\TDSSKiller may be deleted manually.
    Step 2
    ComboFix can now be removed:
    - go to Start - Run
    - copy and paste the following into it: Combofix /Uninstall
    - then click OK.
    - if all goes well, you will then get a message that Combofix was removed.
    Example: http://www.emphyrio.be/images/SMUninstall_combofix.png
    Run can also be opened by pressing the "Windows key + R" keys simultaneously.
    This will remove Combofix including its related folders and files, restore the clock settings, hide the file extensions, hide hidden files and system files again, and reset your System Restore.


This is an archived page. Replying is no longer possible.